IntSights plugin

plugins/rapid7_intsights/.CHECKSUM

@@ -0,0 +1,43 @@
+{
+	"spec": "23fa055c61c44298f0bd3a8550f3edfa",
+	"manifest": "9a1c0ed12f4a14563a7e6ee8431fcb56",
+	"setup": "03540fca0745c2f43e81830a80d402bb",
+	"schemas": [
+		{
+			"identifier": "add_manual_alert/schema.py",
+			"hash": "66fe76d79131cfff95fd23f003539a3d"
+		},
+		{
+			"identifier": "enrich_indicator/schema.py",
+			"hash": "d65d91c1451a8e7de47b9e709590f5ea"
+		},
+		{
+			"identifier": "get_alerts/schema.py",
+			"hash": "8bc5304d87461a5b72da0982032bb73a"
+		},
+		{
+			"identifier": "get_complete_alert_by_id/schema.py",
+			"hash": "e1caf7b9e81e3e8ccff0dec44f5ec2b7"
+		},
+		{
+			"identifier": "get_indicator_by_value/schema.py",
+			"hash": "39a599120e9f7d02c34a36f607085ae5"
+		},
+		{
+			"identifier": "get_indicator_scan_status/schema.py",
+			"hash": "da46d94cb70a3ad32d719881a4fde656"
+		},
+		{
+			"identifier": "rescan_indicator/schema.py",
+			"hash": "9d70900a799a50bafa5b1ba9245b8fe3"
+		},
+		{
+			"identifier": "takedown_request/schema.py",
+			"hash": "623d2b1efc3739038015ed9904bea097"
+		},
+		{
+			"identifier": "connection/schema.py",
+			"hash": "4d9563dcc56614543713c05f554ef869"
+		}
+	]
+}

plugins/rapid7_intsights/.dockerignore

@@ -0,0 +1,9 @@
+unit_test/**/*
+unit_test
+examples/**/*
+examples
+tests
+tests/**/*
+**/*.json
+**/*.tar
+**/*.gz

plugins/rapid7_intsights/Dockerfile

@@ -0,0 +1,26 @@
+FROM rapid7/insightconnect-python-3-38-plugin:4
+# Refer to the following documentation for available SDK parent images: https://komand.github.io/python/sdk.html#version
+
+LABEL organization=rapid7
+LABEL sdk=python
+
+# Add any custom package dependencies here
+# NOTE: Add pip packages to requirements.txt
+
+# End package dependencies
+
+# Add source code
+WORKDIR /python/src
+ADD ./plugin.spec.yaml /plugin.spec.yaml
+ADD . /python/src
+
+# Install pip dependencies
+RUN if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
+
+# Install plugin
+RUN python setup.py build && python setup.py install
+
+# User to run plugin code. The two supported users are: root, nobody
+USER nobody
+
+ENTRYPOINT ["/usr/local/bin/icon_rapid7_intsights"]

plugins/rapid7_intsights/Makefile

@@ -0,0 +1,53 @@
+# Include other Makefiles for improved functionality
+INCLUDE_DIR = ../../tools/Makefiles
+MAKEFILES := $(wildcard $(INCLUDE_DIR)/*.mk)
+# We can't guarantee customers will have the include files
+# - prefix to ignore Makefiles when not present
+# https://www.gnu.org/software/make/manual/html_node/Include.html
+-include $(MAKEFILES)
+
+ifneq ($(MAKEFILES),)
+  $(info [$(YELLOW)*$(NORMAL)] Use ``make menu`` for available targets)
+  $(info [$(YELLOW)*$(NORMAL)] Including available Makefiles: $(MAKEFILES))
+  $(info --)
+else
+  $(warning Makefile includes directory not present: $(INCLUDE_DIR))
+endif
+
+VERSION?=$(shell grep '^version: ' plugin.spec.yaml | sed 's/version: //')
+NAME?=$(shell grep '^name: ' plugin.spec.yaml | sed 's/name: //')
+VENDOR?=$(shell grep '^vendor: ' plugin.spec.yaml | sed 's/vendor: //')
+CWD?=$(shell basename $(PWD))
+_NAME?=$(shell echo $(NAME) | awk '{ print toupper(substr($$0,1,1)) tolower(substr($$0,2)) }')
+PKG=$(VENDOR)-$(NAME)-$(VERSION).tar.gz
+
+# Set default target explicitly. Make's default behavior is the first target in the Makefile.
+# We don't want that behavior due to includes which are read first
+.DEFAULT_GOAL := default # Make >= v3.80 (make -version)
+
+
+default: image tarball
+
+tarball:
+	$(info [$(YELLOW)*$(NORMAL)] Creating plugin tarball)
+	rm -rf build
+	rm -rf $(PKG)
+	tar -cvzf $(PKG) --exclude=$(PKG) --exclude=tests --exclude=run.sh *
+
+image:
+	$(info [$(YELLOW)*$(NORMAL)] Building plugin image)
+	docker build --pull -t $(VENDOR)/$(NAME):$(VERSION) .
+	docker tag $(VENDOR)/$(NAME):$(VERSION) $(VENDOR)/$(NAME):latest
+
+regenerate:
+	$(info [$(YELLOW)*$(NORMAL)] Regenerating schema from plugin.spec.yaml)
+	icon-plugin generate python --regenerate
+
+export: image
+	$(info [$(YELLOW)*$(NORMAL)] Exporting docker image)
+	@printf "\n ---> Exporting Docker image to ./$(VENDOR)_$(NAME)_$(VERSION).tar\n"
+	@docker save $(VENDOR)/$(NAME):$(VERSION) | gzip > $(VENDOR)_$(NAME)_$(VERSION).tar
+
+# Make will not run a target if a file of the same name exists unless setting phony targets
+# https://www.gnu.org/software/make/manual/html_node/Phony-Targets.html
+.PHONY: default tarball image regenerate

plugins/rapid7_intsights/bin/icon_rapid7_intsights

@@ -0,0 +1,60 @@
+#!/usr/bin/env python
+# GENERATED BY KOMAND SDK - DO NOT EDIT
+import os
+import json
+from sys import argv
+
+Name = "Rapid7 IntSights"
+Vendor = "rapid7"
+Version = "1.0.0"
+Description = "Rapid7 IntSights is disrupting external threat intelligence with a combination of human and automated collection, intelligent analysis, and strategic threat hunting that turns the clear, deep, and dark webs into an intelligence resource that any company can deploy"
+
+
+def main():
+    if 'http' in argv:
+        if os.environ.get("GUNICORN_CONFIG_FILE"):
+            with open(os.environ.get("GUNICORN_CONFIG_FILE")) as gf:
+                gunicorn_cfg = json.load(gf)
+                if gunicorn_cfg.get("worker_class", "sync") == "gevent":
+                    from gevent import monkey
+                    monkey.patch_all()
+        elif 'gevent' in argv:
+            from gevent import monkey
+            monkey.patch_all()
+
+    import insightconnect_plugin_runtime
+    from icon_rapid7_intsights import connection, actions, triggers
+
+    class ICONRapid7Intsights(insightconnect_plugin_runtime.Plugin):
+        def __init__(self):
+            super(self.__class__, self).__init__(
+                name=Name,
+                vendor=Vendor,
+                version=Version,
+                description=Description,
+                connection=connection.Connection()
+            )
+            self.add_action(actions.AddManualAlert())
+
+            self.add_action(actions.EnrichIndicator())
+
+            self.add_action(actions.GetAlerts())
+
+            self.add_action(actions.GetCompleteAlertById())
+
+            self.add_action(actions.GetIndicatorByValue())
+
+            self.add_action(actions.GetIndicatorScanStatus())
+
+            self.add_action(actions.RescanIndicator())
+
+            self.add_action(actions.TakedownRequest())
+
+
+    """Run plugin"""
+    cli = insightconnect_plugin_runtime.CLI(ICONRapid7Intsights())
+    cli.run()
+
+
+if __name__ == "__main__":
+    main()